CVE-2004-0595

PHP 4.x/5.0 - 'Strip_Tags()' Function Bypass

Severity Score

6.8

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.

La función strip_tags en PHP 4.x hasta 4.3.7, y 5.x hasta 5.0.0RC3, no filtra caractéres null() dentro de nombreres de etiquetas cuanto se restringe la entrada a etiquetas permitidas, lo que permite que etiquetas peligrosas sean procesadas por navegadores como Internet Explorer y Safari, que ignoran caractéres nulos y facilita la explotación de vulnerabilidades de secuencias de comandos en sitios cruzados (XSS).

*Credits: N/A

CVSS Scores

NISTv2 6.8

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2004-06-23 CVE Reserved
2004-07-14 CVE Published
2004-07-14 First Exploit
2024-01-22 EPSS Updated
2024-08-08 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (21)

URL	Tag	Source
http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023909.html	Mailing List
http://marc.info/?l=bugtraq&m=108981780109154&w=2	Mailing List
http://marc.info/?l=bugtraq&m=108982983426031&w=2	Mailing List
http://marc.info/?l=bugtraq&m=109051444105182&w=2	Mailing List
https://exchange.xforce.ibmcloud.com/vulnerabilities/16692	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10619	Signature

URL	Date	SRC
https://www.exploit-db.com/exploits/24280	2004-07-14
http://www.securityfocus.com/bid/10724	2024-08-08

URL	Date	SRC
http://www.debian.org/security/2004/dsa-531	2018-10-30

URL	Date	SRC
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000847	2018-10-30
http://marc.info/?l=bugtraq&m=109181600614477&w=2	2018-10-30
http://www.debian.org/security/2005/dsa-669	2018-10-30
http://www.gentoo.org/security/en/glsa/glsa-200407-13.xml	2018-10-30
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:068	2018-10-30
http://www.novell.com/linux/security/advisories/2004_21_php4.html	2018-10-30
http://www.redhat.com/support/errata/RHSA-2004-392.html	2018-10-30
http://www.redhat.com/support/errata/RHSA-2004-395.html	2018-10-30
http://www.redhat.com/support/errata/RHSA-2004-405.html	2018-10-30
http://www.redhat.com/support/errata/RHSA-2005-816.html	2018-10-30
https://access.redhat.com/security/cve/CVE-2004-0595	2004-07-23
https://bugzilla.redhat.com/show_bug.cgi?id=1617234	2004-07-23

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Avaya Search vendor "Avaya"		Converged Communications Server Search vendor "Avaya" for product "Converged Communications Server"				2.0 Search vendor "Avaya" for product "Converged Communications Server" and version "2.0"		-		Affected
Redhat Search vendor "Redhat"		Fedora Core Search vendor "Redhat" for product "Fedora Core"				core_1.0 Search vendor "Redhat" for product "Fedora Core" and version "core_1.0"		-		Affected
Redhat Search vendor "Redhat"		Fedora Core Search vendor "Redhat" for product "Fedora Core"				core_2.0 Search vendor "Redhat" for product "Fedora Core" and version "core_2.0"		-		Affected
Trustix Search vendor "Trustix"		Secure Linux Search vendor "Trustix" for product "Secure Linux"				1.5 Search vendor "Trustix" for product "Secure Linux" and version "1.5"		-		Affected
Trustix Search vendor "Trustix"		Secure Linux Search vendor "Trustix" for product "Secure Linux"				2.0 Search vendor "Trustix" for product "Secure Linux" and version "2.0"		-		Affected
Trustix Search vendor "Trustix"		Secure Linux Search vendor "Trustix" for product "Secure Linux"				2.1 Search vendor "Trustix" for product "Secure Linux" and version "2.1"		-		Affected
Avaya Search vendor "Avaya"		Integrated Management Search vendor "Avaya" for product "Integrated Management"				*		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				4.0 Search vendor "Php" for product "Php" and version "4.0"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				4.0.1 Search vendor "Php" for product "Php" and version "4.0.1"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				4.0.2 Search vendor "Php" for product "Php" and version "4.0.2"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				4.0.3 Search vendor "Php" for product "Php" and version "4.0.3"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				4.0.4 Search vendor "Php" for product "Php" and version "4.0.4"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				4.0.5 Search vendor "Php" for product "Php" and version "4.0.5"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				4.0.6 Search vendor "Php" for product "Php" and version "4.0.6"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				4.0.7 Search vendor "Php" for product "Php" and version "4.0.7"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				4.1.0 Search vendor "Php" for product "Php" and version "4.1.0"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				4.1.1 Search vendor "Php" for product "Php" and version "4.1.1"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				4.1.2 Search vendor "Php" for product "Php" and version "4.1.2"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				4.2.0 Search vendor "Php" for product "Php" and version "4.2.0"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				4.2.1 Search vendor "Php" for product "Php" and version "4.2.1"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				4.2.2 Search vendor "Php" for product "Php" and version "4.2.2"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				4.2.3 Search vendor "Php" for product "Php" and version "4.2.3"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				4.3.0 Search vendor "Php" for product "Php" and version "4.3.0"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				4.3.1 Search vendor "Php" for product "Php" and version "4.3.1"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				4.3.2 Search vendor "Php" for product "Php" and version "4.3.2"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				4.3.3 Search vendor "Php" for product "Php" and version "4.3.3"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				4.3.5 Search vendor "Php" for product "Php" and version "4.3.5"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				4.3.6 Search vendor "Php" for product "Php" and version "4.3.6"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				4.3.7 Search vendor "Php" for product "Php" and version "4.3.7"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				5.0 Search vendor "Php" for product "Php" and version "5.0"		rc1		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				5.0 Search vendor "Php" for product "Php" and version "5.0"		rc2		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				5.0 Search vendor "Php" for product "Php" and version "5.0"		rc3		Affected
Avaya Search vendor "Avaya"		S8300 Search vendor "Avaya" for product "S8300"				r2.0.0 Search vendor "Avaya" for product "S8300" and version "r2.0.0"		-		Affected
Avaya Search vendor "Avaya"		S8300 Search vendor "Avaya" for product "S8300"				r2.0.1 Search vendor "Avaya" for product "S8300" and version "r2.0.1"		-		Affected
Avaya Search vendor "Avaya"		S8500 Search vendor "Avaya" for product "S8500"				r2.0.0 Search vendor "Avaya" for product "S8500" and version "r2.0.0"		-		Affected
Avaya Search vendor "Avaya"		S8500 Search vendor "Avaya" for product "S8500"				r2.0.1 Search vendor "Avaya" for product "S8500" and version "r2.0.1"		-		Affected
Avaya Search vendor "Avaya"		S8700 Search vendor "Avaya" for product "S8700"				r2.0.0 Search vendor "Avaya" for product "S8700" and version "r2.0.0"		-		Affected
Avaya Search vendor "Avaya"		S8700 Search vendor "Avaya" for product "S8700"				r2.0.1 Search vendor "Avaya" for product "S8700" and version "r2.0.1"		-		Affected